What Motivates Website Malware Attacks?
Ben Martin The depiction in the media of hackers tends to be that of balaclava-wearing villains who type furiously in a dark basement, motivated by nothing but…
Browsing Tag
Redirects
128 posts
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
Puja Srivastava During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted…
Rogue Ads Redirect Visitors
Matt Morrow Ads are everywhere. They generate revenue for site owners and can present related content to the website being visited. As detailed in previous articles, bad…
Indonesian Gambling Redirect Hiding in Plain Sight
Kayleigh Martin Many pieces of malware found over the years have been complex and difficult to find. Attackers often obfuscate their code to make it harder to…
SiteCheck Remote Website Scanner — Mid-Year 2024 Report
Kyle Knight Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote website scanners may not…
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the…
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise
A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss…
Thousands of Sites with Popup Builder Compromised by Balada Injector
Denis Sinegubko On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam…
Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign
Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning…
From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail
A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging…